Common Mistakes in Securing Devices in Organizations

/

As organizations increasingly rely on technology for their daily operations, the security of company-issued devices has become a top priority. These devices, often containing sensitive information and access to critical systems, are prime targets for cybercriminals. This blog post aims to shed light on the common mistakes made while securing these devices within organizations and […]

Common Mistakes in Securing Devices in Organizations Read More »

The Evolving Botnet Threat Landscape: A 4-Year Comparison

/

Botnets continue to pose significant risks to businesses, organizations, and individuals. In this blog post, I will compare the data gathered from a honeypot set up in 2019 with my recent findings from 2023. This comparison will provide insights into how the botnet threat landscape has evolved over the past four years and offer recommendations

The Evolving Botnet Threat Landscape: A 4-Year Comparison Read More »

The Sinister Web of Cybercrime: An Analysis of a Multi-Stage Attack Targeting High-Profile Individuals

/

Welcome to a world where sophisticated attackers weave their intricate webs, and the boundaries between the digital and physical realms blur. As a cyber security consultant, I’ve seen my fair share of cybercrime investigations, but this one truly stands out. Our story begins with my client, an international businessman, who finds himself the target of

The Sinister Web of Cybercrime: An Analysis of a Multi-Stage Attack Targeting High-Profile Individuals Read More »

Common Mistakes to Avoid in DevSecOps: A Focus on Security

/

In today’s fast-paced technology landscape, the importance of DevSecOps cannot be overstated. As organizations strive to deliver software faster and more efficiently, security has become an integral part of the development process. However, many companies still make common mistakes that compromise the security of their applications. In this blog post, we’ll focus on the security

Common Mistakes to Avoid in DevSecOps: A Focus on Security Read More »

Making the Yahoo Paranoids’ Successful Hackers Poster

/

The Yahoo Paranoids’ poster is a highly coveted recognition for hackers who have successfully identified and reported potential security threats. It is a symbol of the team’s commitment to security and appreciation for the hard work and dedication of their hackers. As a hacker, being recognized for your skills and accomplishments can be a rare

Making the Yahoo Paranoids’ Successful Hackers Poster Read More »

Spam Filter Bypass Method in Phishing Attacks: Flirting

/

What is phishing? Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software, such as ransomware, on the victim’s infrastructure. The most significant defence mechanism in phishing attacks is user awareness. However, a

Spam Filter Bypass Method in Phishing Attacks: Flirting Read More »

Real Life Pentest Scenarios #5 – Forgotten Git Folder to SSH Keys

/

Target: International Logistic CompanyAccess Point: ExternalTest Profile: Anonymous I decided to spend my weekend with the bug bounty. I would like to talk about one of the vulnerabilities I have identified, which is quite striking. I found a few wildcard records in the scope section. This encouraged me to devote time to the enumeration part.

Real Life Pentest Scenarios #5 – Forgotten Git Folder to SSH Keys Read More »

Real Life Pentest Scenarios #4 – From Rabbit to Domain Admin

/

Target: International Trading CompanyAccess Point: InternalTest Profile: Guest Before Test: The customer said that they had received penetration testing services from different consulting companies a few times and had fixed all vulnerabilities. They just wanted to be sure that they had enough cybersecurity maturity. They also added that there would be no exceptions, no test

Real Life Pentest Scenarios #4 – From Rabbit to Domain Admin Read More »

Real Life Pentest Scenarios #3 – Hacking an ATM

/

Target: International BankAccess Point: PhysicalTest Profile: Guest Before Test: The customer said that they had penetration testing services from different consulting companies a few times and fixed all vulnerabilities; they just want to be sure about they have enough cyber security maturity and the ATMs are ready to go. They also added that there should

Real Life Pentest Scenarios #3 – Hacking an ATM Read More »

Real Life Pentest Scenarios #2 – Insider Threat

/

In this post, I would like to talk about a very interesting situation that I encountered years ago in an insider threat simulation project. Target: International BankAccess Point: InternalTest Profile: Guest Before Test: The customer said that they had penetration testing services from different consulting companies a few times and fixed all vulnerabilities; they just

Real Life Pentest Scenarios #2 – Insider Threat Read More »